I found this file too. It's part of a botnet that uses your server. You definitely used nulled themes or modules. Bad news: there is only one way to stop this, an OpenCart reinstall with normal mods and themes. Or you can find the code yourself, but you need to look at your files manually, which is hard and takes a long time.

There is no sensitive data on this server since all I've been trying to do is get things moved over from my Yahoo store.
I now also see another version of this file at this location
/var/www/html/catalog/view/3.02_conf

Well, you should know best, from where you got what onto your Server ...
Could be anything, possibly a Crypto Currency Miner, using your Server, due
to its relatively large data size.
Darknet Code today likely contains such stuff, to at least generate some
income out of their otherwise freely available (paid) Extensions.
Ernie
---https://www.google.com/search?newwindow ... =3.02_conf
---

Had it installed on a small server, no real horsepower to use. It was just me in there testing things. And no worries from my end, there was nothing there to steal aside from changes to code that I already shared on this forum anyway. I'm just very curious how this happened.

My question though is if there is a log of what has been installed for extensions? I've been toying with this application now for over a month, and I've learned a lot about it. I only recall installing the 2 extensions I listed above, but I may have tried some other things in the first few days of experimenting that I'm forgetting. It seems strange that there's not a log of this? It seems I'm not the only one who bumped into this problem, it'd be nice to see if everyone with the problem had an extension in common (knowing that yes, the code might delete the log anyway, since it seems to write its own root crontab.)

And this brings up another question, does anyone review the code that is posted to the opencart.com extensions area? It seems like such a mess in there, I question if anyone can really just post anything?

.. does anyone review the code that is posted to the
extensions area? It seems like such a mess in there, I question
if anyone can really just post anything?

Well, OC removes some Extensions, on Request, if one finds some 'screwy' Mod in the
Extension Section. But it would be more than a fulltime Job, to check everything.

But everybody is free, to create an Extension, as you wish, to know, what's installed
on Mods. Nobody yet seemed to be looking for such, otherwise, one would possibly
have created one, containing all Infos on Modules and Vq-/Oc-Mods on a single Page.

As I mentioned before, never blindly install any extension, if the functionality seems worth your while, take it apart and put it back together again and install it manually.
If that is not worth your while then the functionality is not worth it or you just like to live dangerously.

Crystal Light Centrum Taiwan
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.” When you know your life savings are gone.

Every extension published on the marketplace is reviewed.
But - as always, it can happen because of the updates a dev may make, that a "not so clean" extension may be published.

Also contact support if the extension is encrypted, does home calls without user interaction, sends emails to gmail accounts ... and so on (I have seen all of these myself on several customer webs).

One of the most common mistakes many people make is to get extensions, modules and templates NOT from the official sources (OC Marketplace, developer's own shop).
Just to 'save money'.
Instead, installing extensions from unsafe sources will open any door you may have.
Which may lead to situations described here.

And - not to forget! - never use a free hoster/provider for your webshop.
Why?
Do you know why it is free?
Do you know what these people may do?
Do you know how safe the server is?

No.

And at least: never give access to someone you do not know.
Like so called devs, reachable only over a free gmail address, having no real address, no phone number.
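
The warning signs named in the post above (encrypted code, home calls, mail to gmail accounts) can be checked for before an extension is installed. The following is an added example, not code from this thread or from OpenCart; the regex patterns are assumed heuristics and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumed heuristic patterns; a hit means "read this file", not "malicious".
INDICATORS = {
    "obfuscated/encoded code": re.compile(
        r"\b(eval|assert)\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("
        r"|[A-Za-z0-9+/=]{400,}", re.I),  # or one very long encoded literal
    "outbound network call": re.compile(
        r"\b(curl_init|curl_exec|fsockopen|stream_socket_client)\s*\("
        r"|file_get_contents\s*\(\s*['\"]https?://", re.I),
    "hard-coded gmail address": re.compile(
        r"['\"][\w.+-]+@gmail\.com['\"]", re.I),
}
SOURCE_SUFFIXES = {".php", ".tpl", ".twig", ".xml"}

def scan_file(path):
    """Return the sorted indicator names found in one source file."""
    text = Path(path).read_text(errors="replace")
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def scan_tree(root):
    """Map relative path -> indicators for every flagged file under root."""
    root = Path(root)
    report = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in SOURCE_SUFFIXES:
            hits = scan_file(p)
            if hits:
                report[p.relative_to(root).as_posix()] = hits
    return report

def build_sample(root):
    """Constructed unpacked extension: one clean file, one with all signs."""
    base = Path(root, "upload", "catalog")
    base.mkdir(parents=True)
    (base / "clean.php").write_text("<?php\nclass ControllerDemo {}\n")
    (base / "flagged.php").write_text(
        "<?php\neval(base64_decode($blob));\n"
        "$ch = curl_init($url); curl_exec($ch);\n"
        "$to = 'placeholder@gmail.com';\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, hits in scan_tree(tmp).items():
            print(rel, "->", ", ".join(hits))
```

Legitimate extensions (payment and shipping modules, for example) also make outbound calls, so each hit is a prompt to read that file, not a verdict.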

Ok, new fresh install of OC now on another server.
Should I trust this extension? https://www.opencart.com/index.php?rout ... sion_id=17
I wrote some Perl scripts on another server to export products in the format that extension wants, although really I need an API that lets me update products so maybe I need to write one.

Yep, DigitalOcean is the "to go to" ISP for spammers, scrapers, wannabe hackers, etc.
Have countless of their IPs in my blacklist.
